From time to time we find ourselves conducting a password audit for a client. While not terribly exciting from an attacker's point of view, it is a necessary check to perform and can provide valuable output if the client is capable of acting on it. Many organizations also perform similar assessments internally. Typically the process looks something like this: 1. Obtain ...
Blog
Bypassing Common Physical Security Perimeter Controls
On a recent physical penetration test, I encountered a curious, but not uncommon, scenario. The target organization sat spread across multiple, disconnected floors in a shared, third-party-owned high rise. The large first floor lobby was a public space and included a central guard desk (which really only functioned as an information kiosk). The target did include a reception ...
Phishing for Days: Utilizing the King Phisher Calendar Invite
With the upcoming release of King Phisher v1.1, there will come a new way to Phish through calendar invites. "Why calendar invites?" you might ask. Well, when you get a typical calendar invite, how likely are you to thoroughly read through it? People tend to check the sender and, maybe, their availability and then accept. Only when it's time for the meeting do most ...
Ghosts in the Machines
Methods for the prevention, detection, and removal of ghosts in digital networks
We often find that clients are so focused on preventing attacks from malicious living humans that they completely neglect the threat posed by ghosts. With that in mind, today’s post focuses on defensive measures that can be implemented to (1) prevent ghost infestations; (2) detect paranormal ...
Launch rdesktop from Metasploit
I often resort to remote desktop sessions when pillaging or attempting lateral escalation. Remote desktop provides an easy way to look for important data, get an idea of what applications are in use, run scripts or programs, and transfer data between my host and the target system. Since the Windows “Remote Desktop Connection” program keeps track of IP addresses and makes it ...
Let’s Build an Arcade Cabinet: Episode I
So this is not a security-related post, but what the heck. Every quarter or so here at RSM, we hold an Innovation Day. We get to dedicate a full day's worth of time to personal projects that will benefit the company in some way. We've had some really cool projects come out of the Innovation Days of the past, which have included the WMD (a Pi-based device for tracking down ...
King Phisher 1.0 Released
Since its inception almost two years ago, King Phisher has changed the way we at RSM provide email-based social engineering services to our clients. We have integrated it into our external penetration testing methodology as well as relied on it for dedicated social engineering assessments. At the time, other phishing projects did not have the flexibility to meet all of the ...
Metasploit Module of the Month – enum_ad_computers
Summer has officially ended and Autumn is setting in. As the leaves begin to fall and September draws to a close, it’s a perfect time to sit back and reflect on the Metasploit modules that filled our Summer months with joy. In the third installment of our “Module of the Month” series we examine enum_ad_computers, a post-exploitation module that combines the flexibility of LDAP ...
Crontab One Time Payload Execution
Recently, I was writing an exploit for a vulnerability that I had discovered in a Linux-based server application. The flaw, when successfully exploited, allowed a file to be written anywhere on the file system with the permissions of the user running the server. In the case of the application I was targeting, it was often executed as root in order to bind to a privileged port ...
Accessing Internal Web Apps via Meterpreter on a Jumpbox
Post-breach on a recent external penetration test, I wanted to do some poking around the target's intranet, which required that I set up a SOCKS proxy. Given that I was using a jumpbox, I knew it was going to be necessary to set up a tunnel to get everything working properly. If you're anything like me, tunneling makes your brain hurt. Fortunately, with a little help from jagar, ...